Skip to content
cyberLOW2026-04-21 22:16 UTC

CVE-2026-40929 - WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators

CVE ID :CVE-2026-40929 Published : April 21, 2026, 10:16 p.m. | 43 minutes ago Description :WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It doe

ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

Editorial policy · Report a correction